I am genuinely shocked by how poor the overall security of these
devices are, even more so when you see that these endpoints have
been known for years and relatively well documented.

I usually would have worked directly with Google to reboot these
issues if they had not previously disclosed, but due to the sheer
amount of prior work online and committed code in their own
codebase, it is obvious they know.

Very strange — you can cause any of these devices to reboot or forget their wireless network with a simple curl one-liner. You have to be on the same local network, but still.